Security Basics mailing list archives
RE: sniffing packets on a switch
From: "Trevor Cushen" <Trevor.Cushen () sysnet ie>
Date: Mon, 10 Mar 2003 17:55:11 -0000
Just to confirm what James has said, Ethercap WILL degrade performance. I have recommended it at times but be aware of its impact like any tool that you want to introduce to any network. Especially a corporate network. It is a good tool for some jobs but has its price. Trevor Cushen Sysnet Ltd www.sysnet.ie Tel: +353 1 2983000 Fax: +353 1 2960499 -----Original Message----- From: Fields, James [mailto:James.Fields () bcbsfl com] Sent: 10 March 2003 12:45 To: 'Scott Borre'; security-basics () securityfocus com Subject: RE: sniffing packets on a switch Several posters have replied recommending you use Ettercap. I strongly urge you NOT to do this if you are on a corporate network. Ettercap attempts to defeat the normal behavior of the switched environment using something called "arp poisoning" to trick hosts on the switch into sending you their packets. Use of Ettercap may cause degraded performance of the sniffed hosts or the subnet in general, especially if it is a busy subnet. At my company this would grounds for immediate termination and possibly legal action. -----Original Message----- From: Scott Borre [mailto:sfborre () yahoo com] Sent: Friday, March 07, 2003 6:55 PM To: security-basics () securityfocus com Subject: sniffing packets on a switch I am interested in what people recommend using to sniff packets on a switch. I have heard that TCPdump has some problems doing this. Thank you ahead of the time for any assistance. Scott Borre __________________________________________________ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/ Blue Cross Blue Shield of Florida, Inc., and its subsidiary and affiliate companies are not responsible for errors or omissions in this e-mail message. Any personal comments made in this e-mail do not reflect the views of Blue Cross Blue Shield of Florida, Inc. ****************************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this message in error please notify SYSNET Ltd., at telephone no: +353-1-2983000 or postmaster () sysnet ie ******************************************************************************
Current thread:
- sniffing packets on a switch Scott Borre (Mar 08)
- Re: sniffing packets on a switch Mark Ng (Mar 08)
- Re: sniffing packets on a switch secvuln (Mar 08)
- RE: sniffing packets on a switch David Gillett (Mar 11)
- Re: sniffing packets on a switch Valerio Bellizzomi (Mar 12)
- <Possible follow-ups>
- RE: sniffing packets on a switch Hankes, Christopher A (Mar 08)
- RE: sniffing packets on a switch Elkhatib, Ahmad (Mar 08)
- RE: sniffing packets on a switch Fields, James (Mar 10)
- Re: sniffing packets on a switch Kenzo (Mar 11)
- RE: sniffing packets on a switch Trevor Cushen (Mar 11)
- RE: sniffing packets on a switch Brad Davenport (Mar 12)
- RE: sniffing packets on a switch cpmurphyiii (Mar 13)
- Re: RE: sniffing packets on a switch govind (Mar 17)
- RE: sniffing packets on a switch David Vertie (Mar 17)